As Zoom completes its ambitious 90-day security and privacy plan, the teleconferencing company has tapped seasoned veteran and former Salesforce Senior Vice President of Security Operations Jason Lee as CISO.
Lee will report directly to Zoom COO Aparna Bawa.
Zoom had suffered a number of growing pains – most of them around privacy – exploded overnight after workers and students were forced home during the Covid-19 pandemic and turned to the teleconferencing platform for business meetings and online learning.
Shortcomings that allowed “zoombombing” and other privacy missteps prompted founder and CEO Eric Yuan to put a premium on security and privacy, seeking the counsel of users, privacy advocates and security luminaries like former Facebook CSO Alex Stamos.
In an April 1 blog post, Yuan pledged that Zoom would:
- Enact a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.
- Conduct a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
- Prepare a transparency report that details information related to requests for data, records, or content.
- Enhance our current bug bounty program.
- Launch a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
- Engage a series of simultaneous white box penetration tests to further identify and address issues.
Yuan also began hosting weekly webinars to discuss privacy and security updates and last week the company extended the option of end-to-end encryption to its free customers.